Adobe rates the severity of the vulnerabilities addressed by this bulletin as Critical. You can obtain the new version using the software’s built-in update mechanism (Help / Check for Updates); alternatively, you can download Reader installation packages for all platforms here.

The Security Bulletin [APSB14-02] for Flash Player and AIR applies to all platforms (Windows, Linux, and Mac OS X). Affected software versions are:

Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh

Adobe Flash Player 11.2.202.332 and earlier versions for Linux

Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh

Adobe AIR 3.9.0.1380 and earlier versions for Android

Adobe AIR 3.9.0.1380 SDK and earlier versions

Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions

(You can check the version of Flash Player installed on your system by visiting Adobe’s About Flash Player page.) Adobe says this is also a Critical vulnerability. Users of Google’s Chrome browser, of of Microsoft’s Internet Explorer (Versions 10 and 11) should get the new (bundled) Flash Player automatically. Others can obtain installation packages for all platforms from Adobe’s Flash Player Download Center. Please see the Security Bulletin for information on AIR updates.

These Adobe packages have, historically, been popular targets for attackers, because they are widely installed across different platforms. I recommend that you update you systems as soon as you conveniently can.

In keeping with its customary schedule, Microsoft on Thursday released its Security Bulletin Advance Notification for January 2014, summarizing the security bulletins, and associated patches, that it plans to release Tuesday, January 14. This will apparently be a relatively light month, with only four bulletins slated for release; all four have an Important severity rating.

Two of the bulletins are for Windows itself. One affects Windows XP and Server 2003; the other affects Windows 7, Server 2008R2, and Server Core. Other versions of Windows (Vista, Server 2008/SP2, 8, 8.1, RT, RT8.1, and Server 2012) are not affected at all.

Adobe has issued a new Security Bulletin [APSB13-28] for its Flash Player. The fixes address two critical security vulnerabilities. According to Adobe, the affected software versions are:

Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh

Adobe Flash Player 11.2.202.327 and earlier versions for Linux

Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh

Adobe AIR 3.9.0.1210 and earlier versions for Android

Adobe AIR 3.9.0.1210 SDK and earlier versions

Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions

Note that Adobe’s AIR software is also affected. You can check the version of Flash Player that you have, at any time, by visiting the Adobe “About Flash” page.

The new version of Flash Player for Windows and Mac OS X is 11.9.900.170; for Linux, the new version is 11.2.202.332. Please see the Security Bulletin for information on Android versions.

Flash Player has always been a popular target for attackers, because it is so widely installed across different platforms. There is some evidence that the vulnerabilities addressed by these fixes are being exploited; therefore I recommend that you update your system as soon as you conveniently can.

Users of Google’s Chrome browser, and of Internet Explorer 10 or 11 on Windows 8/8.1, should get the updated version automatically via the built-in update mechanism. Other users can obtain the new version from the Flash Player Download page.

The Mozilla organization today released a new version, 26.0, of its Firefox Web browser, for all platforms: Windows, Linux, and Mac OS X. The new version includes fixes for 14 identified security vulnerabilities, five of which Mozilla rates at Critical severity. There are also some other bug fixes:

Because of its security content, I recommend that you update your system as soon as you conveniently can. You can get the new version using the built-in update mechanism, or you can get a complete installation package, in any of 70+ languages, from the download page.

Microsoft today released its regular monthly batch of security updates for Windows and other software, summarized in the Security Bulletin Summary. This month, there are 11 bulletins, addressing 24 identified vulnerabilities. Five of the bulletins have a Critical severity rating; the other six are rated Important. Six of the bulletins apply to Windows and its components and four apply to Microsoft Office. There are also patches for Exchange, SharePoint, Office Web Apps, and Lync server software, as well as for some Microsoft developer tools. (The complete list of affected software is given in the Security Bulletin Summary, along with download links for the patches.)

All supported versions of Windows have at least two Critical bulletins. The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version

Critical

Important

Moderate

Windows XP+SP3

3

2

—

Windows Vista

4

1

—

Windows Server 2003

2

3

—

Windows Server 2008

3

2

—

Windows 7

3

1

—

Windows Server 2008 R2

2

2

—

Windows 8

3

1

—

Windows RT

3

1

—

Windows Server 2012

2

2

—

Windows Server 2012 R2

2

2

—

Windows 8.1

3

1

—

Windows RT 8.1

3

1

—

Windows Server Core

3

1

—

One bulletin applicable to Office is rated Critical; the others are rated Important.

Microsoft says that four of the bulletins for Windows will definitely require a restart; the other bulletins may require one, depending on your system’s configuration.

On Thursday, in keeping with its usual schedule, Microsoft released the Security Bulletin Advanced Notification for November 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, November 12, 2013. This month there are eight bulletins in all; three of these have a maximum security rating of Critical; the others are rated Important. Six of the bulletins affect Windows and its components. Two bulletins affect Microsoft Office. More details on specific versions are given in the Advanced Notification.

All supported versions of Windows have at least one Critical bulletin. The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version

Critical

Important

Moderate

Windows XP+SP3

3

2

—

Windows Vista

3

2

—

Windows Server 2003

1

3

1

Windows Server 2008

1

3

1

Windows 7

3

2

—

Windows Server 2008 R2

1

3

1

Windows 8

3

3

—

Windows RT

3

1

—

Windows Server 2012

1

4

1

Windows Server 2012 R2

1

4

1

Windows 8.1

3

3

—

Windows RT 8.1

3

1

—

Windows Server Core

1

3

—

The bulletins for Office are rated Important.

Microsoft says that five of the bulletins for Windows will definitely require a restart; the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday. If there are significant changes, I will post a note here once the actual updates are available.

Today, in keeping with its usual schedule, Microsoft released the Security Bulletin Advanced Notification for October 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, October 8, 2013. This month there are eight bulletins in all; four of these have a maximum security rating of Critical; the others are rated Important. Four of the bulletins affect Windows and its components. Three bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server. A final bulletin affects Microsoft’s Silverlight. More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin. The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version

Critical

Important

Moderate

Windows XP+SP3

4

—

—

Windows Vista

4

—

—

Windows Server 2003

3

—

1

Windows Server 2008

3

—

1

Windows 7

4

—

—

Windows Server 2008 R2

3

—

1

Windows 8

4

—

—

Windows RT

2

1

—

Windows Server 2012

3

—

1

Windows Server 2012 R2

—

1

—

Windows 8.1

1

—

—

Windows RT 8.1

1

—

—

Windows Server Core

3

—

—

The bulletins for Office and Slverlight are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday. If there are significant changes, I will post a note here once the actual updates are available.